
Re: OpenLDAP 2.4



Some minor bits, from browsing the Software Enhancements section of the ITS.
I figured they're relatively obscure and easy to miss, so drawing attention
to them here.

ITS#4554: slapindex option for attribute
You can now give a list of specific attributes to (re)index on the
slapindex command line. This is handy if you've just changed one or two
settings. Of course, this only matters if you're manually editing slapd.conf;
if you change index configurations using cn=config then the background
indexer will take care of it. (This feature is described in the slapindex(8) manpage.)


ITS#4707: for LDAP application developers, a new function ldap_init_fd() has
been added to allow an LDAP session to be created using a socket provided by
the caller. This is useful if the application has particular constraints it
needs to set on the client connection before giving control to libldap. (This function is in the ldap_open(3) manpage.)


ITS#4834: use the dn2id index for extensible filters matching against the
entryDN attribute. This probably only affects a small class of search uses. One example is a search I would use in my LDAP milter for Sendmail - when looking up access rules for an email address, if an exact match for the address isn't found, the code should incrementally peel off domain components until a match is found, or until it reaches an empty domain and no matches were found. E.g., given the email address joe_bob@foo.example.com, the milter does a lookup on
uid=joe_bob,dc=foo,dc=example,dc=com,<suffix>
On a failure it might come back with "matchedDN: dc=example,dc=com,<suffix>" and the milter would then pick up the rules in that entry on a 2nd search attempt.


But using an extensible filter, I could get every possible rule in a single search, with a filter like this:
(|(entryDN=uid=joe_bob,dc=foo,dc=example,dc=com,<suffix>)
(entryDN:dnSuperiorMatch:=uid=joe_bob,dc=foo,dc=example,dc=com,<suffix>))


which would return the target entry (if it existed) and all of its parent entries.

Like I said, obscure...
--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  Chief Architect, OpenLDAP     http://www.openldap.org/project/
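
Added example, not part of the original message or of OpenLDAP: one way a client could build the single-search filter described under ITS#4834 from an e-mail address, escaping the address first as a DN value (RFC 4514) and then as a filter value (RFC 4515) so that characters in the address cannot change the filter's structure. The function names and the `SUFFIX` value standing in for `<suffix>` are assumptions made for illustration.

```python
# Added illustration; names and SUFFIX are hypothetical, not from the post.
SUFFIX = "dc=rules,dc=invalid"  # constructed placeholder for <suffix>


def escape_dn_value(value):
    """Escape one attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in '"+,;<>\\=' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value):
    """Escape an assertion value for use inside a search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\0" else c for c in value)


def email_to_dn(address, suffix=SUFFIX):
    """Map local@a.b.c to uid=local,dc=a,dc=b,dc=c,<suffix>."""
    local, sep, domain = address.rpartition("@")
    labels = domain.split(".")
    if not sep or not local or not all(labels):
        raise ValueError("not a usable address: %r" % address)
    rdns = ["uid=" + escape_dn_value(local)]
    rdns += ["dc=" + escape_dn_value(label) for label in labels]
    return ",".join(rdns + [suffix])


def rule_filter(address, suffix=SUFFIX):
    """Filter matching the target entry and every superior entry."""
    dn = escape_filter_value(email_to_dn(address, suffix))
    return "(|(entryDN=%s)(entryDN:dnSuperiorMatch:=%s))" % (dn, dn)


if __name__ == "__main__":
    print(rule_filter("joe_bob@foo.example.com"))
    # Constructed address whose local part contains filter metacharacters.
    print(rule_filter("a)(uid=*@x.com"))
```

The DN escaping has to happen before the filter escaping, because the backslashes it introduces are themselves filter metacharacters.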